Michael O'Brien

Terraform Quickstart

HashiCorp is an excellent company - I have used Vagrant in the past - Terraform works very well.

Terraform does not maintain state in the AWS account (the way a CloudFormation stack does) - it uses a local .tfstate file.

Also use Vault for secrets, and Terragrunt as a wrapper.

https://www.terraform.io/ - download the archive from https://www.terraform.io/downloads.html, extract it, and move the binary.

Follow https://learn.hashicorp.com/terraform/getting-started/install.html and https://learn.hashicorp.com/terraform/getting-started/change

The AWS key and secret are in ~/.aws/credentials, and the region is in ~/.aws/config, for the config.ts details.

The AWS provider is built into Terraform and is not directly related to the native AWS CLI - see AWS Developer Guide#AWSCLI

https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples

Installing Terraform

Check for the latest version (as of 20190822) in https://github.com/hashicorp/terraform/blob/v0.12.7/CHANGELOG.md

20200206: v0.12.21 https://github.com/hashicorp/terraform/blob/master/version/version.go

I usually run terraform on a jump box when running multiple laptops.

https://www.terraform.io/downloads.html

$ sudo cp ~/Downloads/terraform /usr/local/bin
$ terraform -version
Terraform v0.12.2


Install AWS CLI to provide credentials

The AWS credentials will be installed and ready for terraform - see AWS Developer Guide#AWSCLI or just do an

aws configure

Linux/Ubuntu Terraform Installation

# the ec2 vm even if it is ubuntu instead of amazon linux will have the aws secret key provisioned if the AWS CLI was installed 

- verify
ubuntu@ip-172-31-94-184:~$ ls ~/.aws
config  credentials
ubuntu@ip-172-31-94-184:~$ cat ~/.aws/credentials 
[default]
aws_access_key_id = A**
aws_secret_access_key = Dl****l

# get the latest
$ wget https://releases.hashicorp.com/terraform/0.12.7/terraform_0.12.7_linux_amd64.zip
$ sudo apt install unzip
$ sudo unzip terraform_0.12.7_linux_amd64.zip terraform
Archive:  terraform_0.12.7_linux_amd64.zip
  inflating: terraform               
$ sudo cp terraform /usr/local/bin
# 755 rather than 777: executable by everyone, writable only by root
$ sudo chmod 755 /usr/local/bin/terraform
$ exit

# upload a minimal template
obrienbiometrics:terraform michaelobrien$ scp aws_instance.tf ubuntu@bastion.obrienlabs.cloud:~/
aws_instance.tf                                                   100%  102     1.1KB/s   00:00
# go back into the box    
obrienbiometrics:terraform michaelobrien$ ssh ubuntu@bastion.obrienlabs.cloud

$ terraform init
* provider.aws: version = "~> 2.17"
Terraform has been successfully initialized!

$ terraform apply
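
A checksum-verified version of the download-and-install steps above, as an added example that is not part of the original page. It assumes the release's SHA256SUMS file (published next to the zip on releases.hashicorp.com) has been downloaded as well; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page: check a downloaded Terraform zip
# against the release's SHA256SUMS file before installing the binary.

# sha256_of FILE: print the hex SHA-256 digest of FILE (Linux or macOS tools).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_release ZIP SUMS
#   0: digest of ZIP matches its line in SUMS
#   1: digest mismatch (corrupted or tampered download)
#   2: SUMS has no line for this file name
verify_release() {
    name=$(basename "$1")
    expected=$(awk -v f="$name" '$2 == f {print $1}' "$2")
    [ -n "$expected" ] || { echo "no entry for $name in $2" >&2; return 2; }
    actual=$(sha256_of "$1")
    if [ "$expected" != "$actual" ]; then
        echo "SHA-256 mismatch for $name" >&2
        return 1
    fi
    return 0
}

# install_terraform ZIP SUMS DEST_DIR: verify first, unpack into a private
# temp dir, then install with mode 0755 (never world-writable).
# Hypothetical helper; run it as a user allowed to write DEST_DIR.
install_terraform() {
    verify_release "$1" "$2" || return
    tmp=$(mktemp -d) || return
    unzip -q -o "$1" terraform -d "$tmp" &&
        install -m 0755 "$tmp/terraform" "$3/terraform"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Typical call: install_terraform terraform_0.12.7_linux_amd64.zip terraform_0.12.7_SHA256SUMS /usr/local/bin. The SHA256SUMS file is only as trustworthy as its source; HashiCorp also publishes a detached GPG signature for it.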


Local Terraform Installation

sudo cp ~/Downloads/terraform /usr/local/bin/
sudo chmod +x /usr/local/bin/terraform
terraform init
* provider.aws: version = "~> 2.12"
Terraform has been successfully initialized!

# leave out your creds for auto discovery except the region
obrienbiometrics:terraform michaelobrien$ cat aws_instance.tf 
resource "aws_instance" "example" {
  ami           = "ami-2757f631"
  instance_type = "t2.micro"
}
provider "aws" {
  region = "us-east-1"
}

obrienbiometrics:terraform michaelobrien$ terraform apply
provider.aws.region
  The region where AWS operations will take place.
Do you want to perform these actions?
  Enter a value: yes
aws_instance.example: Creation complete after 35s [id=i-0c85247989abb315a]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

# see terraform.tfstate
# modify ami
terraform apply
Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
# destroy
terraform destroy
Plan: 0 to add, 0 to change, 1 to destroy.

Windows Terraform Installation

Download the latest 64 bit version 0.12.7 from https://releases.hashicorp.com/terraform/0.12.7/terraform_0.12.7_windows_amd64.zip

Copy the terraform.exe executable into any directory on your path - for example c:/opt/bin

AWS provider versions: 0.12.0 has 2.13, 0.12.7 has 2.26

$ terraform init
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (terraform-providers/aws) 2.26.0...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.aws: version = "~> 2.26"

Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

# if you don't have the AWS CLI installed yet - create the aws credentials file and validate it
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
$ vi ~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
  # aws_instance.example will be created
  + resource "aws_instance" "example" {
      + ami                          = "ami-2757f631"
Plan: 1 to add, 0 to change, 0 to destroy.

$ terraform apply

Instance: i-0bf09a07a574e5c53
Public DNS: ec2-52-91-61-19.compute-1.amazonaws.com

Upgrading Terraform

ubuntu@ip-172-31-94-184:~$ terraform -version
Terraform v0.12.6
+ provider.aws v2.17.0

Your version of Terraform is out of date! The latest version
is 0.12.19. You can update by downloading from www.terraform.io/downloads.html


AWS Provider Examples

https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples

or

https://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html and 

Issues

Sync AWS out of band changes 

When changes were made outside of Terraform, run terraform init to sync.

terraform init

Resync after AWS account switch

Scenario: create a stack, switch the account in .aws/credentials, and attempt to destroy - it reports success but performs 0 actions. Then run terraform init and attempt to destroy on the original account - nothing.
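
A pre-flight guard for the account-switch scenario above, as an added example that is not part of the original page. It assumes the state file records at least one ARN attribute carrying an account id; the sample state and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: stop terraform from acting on a
# state file that was created under a different AWS account.

# Constructed sample: a trimmed 0.12-style state with one instance ARN.
sample_state() {
cat <<'EOF'
{
  "version": 4,
  "resources": [{
    "type": "aws_instance", "name": "example",
    "instances": [{"attributes": {
      "arn": "arn:aws:ec2:us-east-1:111111111111:instance/i-0123456789abcdef0"
    }}]
  }]
}
EOF
}

# state_accounts STATEFILE: print the unique 12-digit account ids found in
# ARN values (field 5 of arn:partition:service:region:account:resource).
state_accounts() {
    grep -o 'arn:aws[a-z-]*:[^"]*' "$1" |
        awk -F: 'length($5) == 12 && $5 !~ /[^0-9]/ {print $5}' | sort -u
}

# check_account STATEFILE ACCOUNT_ID
#   0: ACCOUNT_ID owns at least one resource in the state
#   1: state only references other accounts (wrong credentials profile)
#   2: no account-bearing ARN in the state, cannot decide
check_account() {
    accounts=$(state_accounts "$1")
    [ -n "$accounts" ] || { echo "no account id found in $1" >&2; return 2; }
    for a in $accounts; do
        if [ "$a" = "$2" ]; then return 0; fi
    done
    echo "state $1 belongs to: $accounts; credentials are for $2" >&2
    return 1
}

# guarded_destroy: ask STS which account the active credentials map to,
# and only run destroy when that account owns the local state.
guarded_destroy() {
    current=$(aws sts get-caller-identity --query Account --output text) || return
    check_account terraform.tfstate "$current" && terraform destroy
}
```

Run guarded_destroy from the directory that holds terraform.tfstate; a non-zero exit means the active profile in ~/.aws/credentials is not the one that created the stack.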

Headless Terraform scripts


Azure Provider Examples

see https://github.com/terraform-providers

 


Terraform on an AWS Bastion VM

In order to keep the terraform init configuration in one place - among multiple laptops/accounts - run the templates from a bastion box.


Links

1 Comment

  1. add terraform plan and import (cloudformer)


    check picharm proxy also


    3scale redhat openshift